性能测试代码优化

soc-common/soc-common-core/src/main/java/com/xunmei/common/core/utils/file/MimeTypeUtils.java

@@ -67,8 +67,6 @@ public class MimeTypeUtils
         add("xlsx");
         add("ppt");
         add("pptx");
-        add("html");
-        add("htm");
         add("txt");
         add("et");
         add("zip");

soc-gateway/src/main/java/com/xunmei/gateway/filter/XssFilter.java

@@ -98,13 +98,14 @@ public class XssFilter implements GlobalFilter, Ordered
             {
                 HttpHeaders httpHeaders = new HttpHeaders();
                 HttpHeaders headers = super.getHeaders();
-                // 遍历源HttpHeaders对象并验证每个头
+            /*    // 遍历源HttpHeaders对象并验证每个头
                 for (String headerName : headers.keySet()) {
                     String headerValue = headers.getFirst(headerName);
                     if ( headerName.matches("[a-zA-Z0-9._\\-]+") && headerValue.matches("[a-zA-Z0-9._\\-]+")) {
                         httpHeaders.add(headerName, headerValue);
                     }
-                }
+                }*/
+                httpHeaders.putAll(headers);
                 // 由于修改了请求体的body，导致content-length长度不确定，因此需要删除原先的content-length
                 httpHeaders.remove(HttpHeaders.CONTENT_LENGTH);
                 httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/controller/SysFileController.java

@@ -171,11 +171,7 @@ public class SysFileController {
         return R.ok(sysFileService.getRelativePath(path));
     }
 
-  /*  @ApiOperation(value = "获取文件流")
-    @GetMapping(value = "/getFileStream")
-    void getFileStream(@RequestParam String path, HttpServletResponse response) {
-        sysFileService.getFileStream(path, response);
-    }*/
+
     @ApiOperation(value = "获取本地存储路径前缀")
     @GetMapping(value = "/getLocalPathPrefix")
     R<String> getLocalPathPrefix() {

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/utils/FileUploadUtils.java

@@ -1,6 +1,7 @@
 package com.xunmei.file.utils;
 
 import cn.hutool.core.codec.Base64;
+import cn.hutool.core.io.FileTypeUtil;
 import cn.hutool.core.io.FileUtil;
 import com.xunmei.common.core.exception.file.FileException;
 import com.xunmei.common.core.exception.file.FileNameLengthLimitExceededException;
@@ -18,8 +19,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.multipart.MultipartFile;
 
-import java.io.File;
-import java.io.IOException;
+import java.io.*;
 import java.nio.file.Paths;
 import java.util.Objects;
 
@@ -110,8 +110,13 @@ public class FileUploadUtils
         String fileName = extractFilename(file);
 
         String absPath = getAbsoluteFile(baseDir, fileName).getAbsolutePath();
-
-        file.transferTo(Paths.get(absPath));
+        String type = FileTypeUtil.getType(file.getInputStream());
+        File target = FileUtils.getFile(absPath);
+        file.transferTo(target);
+        if(!isAllowedExtension(type,allowedExtension)){
+            FileUtil.del(target);
+            throw new RuntimeException("上传文件类型不允许");
+        }
         return getPathFileName(fileName);
     }
 
@@ -120,6 +125,11 @@ public class FileUploadUtils
             InvalidExtensionException{
 
         byte[] decode = Base64.decode(file.getContent());
+        InputStream inputStream = new ByteArrayInputStream(decode);
+        String type = FileTypeUtil.getType(inputStream);
+        if(!isAllowedExtension(type,MimeTypeUtils.DEFAULT_ALLOWED_EXTENSION.toArray(new String[0]))){
+            throw new RuntimeException("上传文件类型不允许");
+        }
         String extension = file.getExtension();
         if(StringUtils.isEmpty(extension) || "null".equals(extension))
         {

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/controller/SysUserOnlineController.java

@@ -33,7 +33,7 @@ public class SysUserOnlineController extends BaseController
     private ISysUserOnlineService userOnlineService;
 
 
-    @RequiresPermissions("monitor:online:list")
+    @RequiresPermissions("monitor:online:query")
     @GetMapping("/list")
     public TableDataInfo<SysUserOnline> list(String ipaddr, String userName)
     {

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/service/impl/SysRoleServiceImpl.java

@@ -101,17 +101,7 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
     @Override
     public List<SysRole> selectRolesByUserId(Long userId) {
         List<SysRole> userRoles = roleMapper.selectRolePermissionByUserId(userId);
-        List<SysRole> roles = selectRoleAll();
-        for (SysRole role : roles) {
-            for (SysRole userRole : userRoles) {
-//                if (role.getId().longValue() == userRole.getId().longValue())
-//                {
-//                    role.s(true);
-//                    break;
-//                }
-            }
-        }
-        return roles;
+        return userRoles;
     }
 
     /**